Authentication support

Out of the box support for leading social services such as Twitter, Facebook, Google, LinkedIn and GitHub. Silhouette also includes a credentials and basic authentication provider that supports local login functionality.

Client agnostic

Silhouette comes with a set of stateless as well as stateful authenticator implementations which allows an application to handle a wide range of different clients like traditional web browsers as well as native (desktop, mobile, ...) apps.

Asynchronous, non-blocking operations

We follow the Reactive Manifesto. This means that all requests and web servicecalls are asynchronous, non-blocking operations. For the event handling part of Silhouette we use Akka's Event Bus implementation. Lastly, all persistence interfaces are defined to return Scala Futures.

Very customizable, extendable and testable

From the ground up Silhouette was designed to be as customizable, extendable and testable as possible. All components can be enhanced via inheritance or replaced based on their traits, thanks to its loosely coupled design.

Internationalization support

Silhouette makes it very easy to internationalize your application by making the Play Framework's Request and Messages available where they are needed.

Well tested

Silhouette is a security component which protects your users from being compromised by attackers. Therefore, we aim for complete code coverage with unit and integration tests.

Follows the OWASP Authentication Cheat Sheet

Silhouette implements and promotes best practices such as described by the OWASP Authentication Cheat Sheet like Password Strength Controls, SSL Client Authentication or use of authentication protocols that require no password.